The most advanced open-source recon tool with full GUI • 20+ passive sources • intelligent bruteforce • CDN/WAF bypass • tech fingerprinting • async port scanning • SSL analysis
.png){kind=link}
.png){kind=link}
.png){kind=link}
.png){kind=link}
Main Dashboard & Live Logging
.png)
Summary Tab – Metrics & Top Findings
.png)
Detailed Subdomain Analysis
.png)
Security Assessment Tab – Exposed Panels & Risks
.png)
| Module | Technology | Key Capabilities |
|---|---|---|
| Passive Recon Engine | aiohttp + aiodns |
20+ sources (crt.sh, ThreatCrowd, HackerTarget, Wayback, VirusTotal public, AlienVault OTX, URLScan, RapidDNS, etc.) |
| DNS Bruteforce & Permutations | Custom engine | Custom + Amass-style logic |
| CDN & Cloud Detection | IP ranges + ASN + headers | Cloudflare • Akamai • AWS • Fastly • Incapsula • Sucuri • Azure |
| WAF Detection Engine | Payload triggering + 50+ signatures | Cloudflare • AWS WAF • Sucuri • ModSecurity • Wordfence • F5 |
| Technology Fingerprinting | 100+ Wappalyzer-style signatures | WordPress • Laravel • React • Vue • Django • Shopify • Node.js • Nginx • Apache |
| Real-IP Bypass | Direct connect when no CDN | Automatic fallback to origin IP |
| SSL/TLS Certificate Analysis | OpenSSL.py + native ssl |
SANs, issuer, expiry, self-signed, serial number |
| Async Port Scanner | Raw sockets (asyncio) | 20 high-value ports (21,22,80,443,3306,3389,6379…) |
| Export Engine | JSON • CSV • HTML | Professional reports (PDF coming soon) |
| Mode | Active Probing | Speed | Recommended For |
|---|---|---|---|
| Passive | No | Fast | Safe recon • Bug bounty initial phase |
| Normal | DNS only | Fast | Standard reconnaissance |
| Aggressive | Full (ports+WAF) | Fast | Pentest • Red team |
| Stealth | Full + random delays | Slow | OPSEC-critical operations |
git clone https://github.com/Arash-Mansourpour/ReconHunterPro.git
cd ReconHunterPro
pip install -r requirements.txt
python recon_hunter_pro.py